Daily summary - 27.05.2022

End-of-Day report

Timeframe: Wednesday 25-05-2022 18:00 - Friday 27-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer

News

New ChromeLoader malware surge threatens browsers worldwide

The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable operation volume since the start of the year, which means that the malvertiser is now becoming a widespread threat.

https://www.bleepingcomputer.com/news/security/new-chromeloader-malware-surge-threatens-browsers-worldwide/


New 'Cheers' Linux ransomware targets VMware ESXi servers

A new ransomware named Cheers has appeared in the cybercrime space and has started its operations by targeting vulnerable VMware ESXi servers.

https://www.bleepingcomputer.com/news/security/new-cheers-linux-ransomware-targets-vmware-esxi-servers/


New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps

The ERMAC Android banking trojan has released version 2.0, increasing the number of applications targeted from 378 to 467, covering a much wider range of apps to steal account credentials and crypto wallets.

https://www.bleepingcomputer.com/news/security/new-ermac-20-android-malware-steals-accounts-wallets-from-467-apps/


Microsoft shares mitigation for Windows KrbRelayUp LPE attacks

Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations.

https://www.bleepingcomputer.com/news/security/microsoft-shares-mitigation-for-windows-krbrelayup-lpe-attacks/


Windows 11 KB5014019 breaks Trend Micro ransomware protection

This week's Windows optional cumulative update previews have introduced a compatibility issue with some of Trend Micro's security products that breaks some of their capabilities, including the ransomware protection feature.

https://www.bleepingcomputer.com/news/security/windows-11-kb5014019-breaks-trend-micro-ransomware-protection/


Waiting for a hardened version: Anonymous browsing under Tails at risk

Anyone browsing with the Tor Browser of the Tails system could expose passwords to attackers.

https://heise.de/-7123771


You are asked to pay customs fees with a Paysafecard? Beware, it's a scam!

Criminals are sending fraudulent e-mails in the name of the customs authority, claiming that you must pay customs fees, specifically in the form of a Paysafecard, and that only then can your parcel be delivered. Ignore such e-mails; the criminals are only trying to get at your money.

https://www.watchlist-internet.at/news/sie-sollen-zollgebuehren-mit-einer-paysafecard-bezahlen-achtung-betrug/

Vulnerabilities

IBM Security Bulletins 2022-05-26 - 2022-05-27

IBM MQ Internet Pass-Thru, IBM MQ Operator, IBM MQ Appliance, IBM MQ trace, IBM Semeru Runtime, IBM Sterling Control Center, IBM App Connect Enterprise, IBM Watson Discovery, IBM Spectrum Control, IBM Netezza Host Management, IBM Tivoli Netcool/OMNIbus Probe Integrations, IBM DataPower.

https://www.ibm.com/blogs/psirt/


Security updates: Attackers could knock out Citrix network hardware

Important security patches are available for Citrix ADC and Citrix Gateway. Attackers could knock the network hardware offline.

https://heise.de/-7123795


Security updates for Thursday

Security updates have been issued by Debian (chromium, dpkg, filezilla, irssi, puma, and python-django), Fedora (firefox, ignition, and pcre2), Mageia (cockpit, firefox/thunderbird, openldap, supertux, unrar, and vim), Oracle (firefox and thunderbird), Red Hat (rh-varnish6-varnish), SUSE (cups, fribidi, kernel-firmware, redis, and wpa_supplicant), and Ubuntu (dpkg, logrotate, and subversion).

https://lwn.net/Articles/896346/


Security updates for Friday

Security updates have been issued by Debian (atftp, cups, neutron, and zipios++), Fedora (clash, moodle, python-jwt, and thunderbird), Red Hat (thunderbird), Slackware (cups), SUSE (go1.17, libredwg, opera, seamonkey, and varnish), and Ubuntu (libxv, ncurses, openssl, and subversion).

https://lwn.net/Articles/896465/


ABB Cyber Security Advisory: e-Design - Multiple vulnerabilities

https://search.abb.com/library/Download.aspx?DocumentID=2%20CMT%200%200%206%200%208%206&LanguageCode=en&DocumentPartId=&Action=Launch


K32760744: libxml2 vulnerability CVE-2022-23308

https://support.f5.com/csp/article/K32760744


K54724312: Linux kernel vulnerability CVE-2022-0492

https://support.f5.com/csp/article/K54724312


Drupal: Multiple vulnerabilities

http://www.cert-bund.de/advisoryshort/CB-K22-0661


Drupal CORE: Vulnerability enables unspecified attack

http://www.cert-bund.de/advisoryshort/CB-K22-0662


Keysight N6854A Geolocation server and N6841A RF Sensor software

https://us-cert.cisa.gov/ics/advisories/icsa-22-146-01


Horner Automation Cscape Csfont

https://us-cert.cisa.gov/ics/advisories/icsa-22-146-02


Cross-Site Request Forgery Vulnerability in Proxy Server

https://www.qnap.com/en-us/security-advisory/QSA-22-18